EC-Council Certified Penetration Tester (CPENT)
Module 1: Introduction to Penetration Testing
– Penetration Testing Fundamentals
– LPT Penetration Testing Methodology
– Best Practices for Penetration Testing
Module 2: Penetration Testing Scoping and Engagement
– Request for Proposal (RFP)
– Proposal Submission Requirements
– Rules of Engagement
– Communication Protocols
– Timelines and Logistics
– Legal Considerations
– Scope Management
Module 3: Open Source Intelligence (OSINT)
– Utilizing OSINT on the Web
– Website Analysis for OSINT
– DNS Interrogation for OSINT
– Automation Tools for OSINT
Module 4: Social Engineering Penetration Testing
– Concepts and Methodologies
– E-mail, Telephone, and Physical Attack Vectors
– Reporting and Recommendations
Module 5: Network Penetration Testing – External
– Port Scanning Techniques
– OS and Service Identification
– Vulnerability Research and Exploitation
Module 6: Network Penetration Testing– Internal
– Footprinting and Scanning
– Enumeration and Vulnerability Assessment
– Exploitation Techniques
– Automation in Internal Network Penetration Testing
Module 7: Network Penetration Testing – Perimeter Devices
– Firewall, IDS, Router, and Switch Security Assessment
Module 8: Web Application Penetration Testing
– Web Application Discovery and Vulnerability Scanning
– Testing for SQL Injection, XSS, and other vulnerabilities
– Web Services and Web Server Security Testing
– Thick Clients and WordPress Testing
Module 9: Wireless Penetration Testing
– WLAN, RFID, and NFC Penetration Testing
Module 10: IoT Penetration Testing
– IoT Attacks, Threats, and Penetration Testing
Module 11: OT/SCADA Penetration Testing
– OT/SCADA Concepts and Modbus
– ICS and SCADA Penetration Testing
Module 12: Cloud Penetration Testing
– Cloud Platform-specific Penetration Testing
Module 13: Binary Analysis and Exploitation
– Binary Coding Concepts and Methodology
Module 14: Report Writing and Post Testing Actions
– Phases of Report Development
– Components and Delivery of Penetration Testing Reports
– Post-Testing Actions for Organizations
Application Security Training